Malware samples, consisting mostly of mobile spyware, rocketed to over 120,000 last month within three months. Android's application signing shows further weakness, according to a study by Alcatel-Lucent's Kindsight Security Labs.
Overall, 0.52 percent of devices were infected with high threat level malware, a slight increase from 0.5 percent last quarter. The majority of infected devices are either Android phones or Windows laptops tethered to a phone or connected directly through a mobile USB stick or Mi-Fi hub.
The number of infected Android devices is also starting to dominate the total number of infected mobile devices.
According to the report, the major infection vector is Trojanized apps distributed from the Google Play Store, legitimate third-party app stores or "shadier" app stores specializing in pirated applications. While Google Play has made efforts to scan for and remove apps containing malware, many of the third-party app stores have not checked for apps containing malware.
Most mobile threats detected belong to the spyware category, and this poses a large threat to organizations in the Bring Your Own Device (BYOD) era because spyware can be installed on an employee's phone for industrial or corporate espionage.
The report also found vulnerabilities in Android application signing. All Android applications need to be signed cryptographically, which can help verify the identity of the application author and ensure the application has not been tampered with, but issues exist with this model, the report noted.
While the Android operating system checks that the app has been signed, it makes no attempt to verify that the signature is legitimate, but simply accepts any old signature. This allows the "signer" to put any information they want into the certificate, making it easy to make pirated copies of applications with Trojan services injected into them.
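Since the name in a signing certificate is whatever the signer typed, an organization vetting apps for BYOD devices can compare the certificate's digest with a known-good value instead. The Python sketch below is an added example, not code from the Kindsight report: it parses text in the shape printed by `apksigner verify --print-certs`, and the package name, certificate name, digests and allowlist are all constructed for illustration.

```python
import hashlib
import re

# Constructed stand-ins for two certificate digests; real values come from
# running `apksigner verify --print-certs` on the APK.
GENUINE = hashlib.sha256(b"constructed genuine developer cert").hexdigest()
REPACKAGED = hashlib.sha256(b"constructed self-signed copy cert").hexdigest()

# Hypothetical allowlist: package name -> digest obtained from the developer.
PINNED = {"com.example.notes": GENUINE}

def sample_output(digest):
    """Constructed text in the shape apksigner prints for one signer."""
    return (
        "Signer #1 certificate DN: CN=Example Notes Ltd, O=Example, C=US\n"
        f"Signer #1 certificate SHA-256 digest: {digest}\n"
    )

LINE = re.compile(r"^Signer #(\d+) certificate (DN|SHA-256 digest): (.+)$", re.M)

def parse_signers(text):
    """Return {signer number: {"DN": ..., "SHA-256 digest": ...}}."""
    signers = {}
    for num, field, value in LINE.findall(text):
        signers.setdefault(int(num), {})[field] = value.strip()
    return signers

def check_apk(package, text, pinned=PINNED):
    """Judge an APK by certificate digest; the DN is never consulted."""
    signers = parse_signers(text)
    if not signers:
        return "unsigned-or-unparsed"
    expected = pinned.get(package)
    if expected is None:
        return "no-pin"
    digests = {s.get("SHA-256 digest", "").lower() for s in signers.values()}
    return "match" if digests == {expected} else "mismatch"

if __name__ == "__main__":
    for label, digest in (("genuine", GENUINE), ("repackaged", REPACKAGED)):
        out = sample_output(digest)
        dn = parse_signers(out)[1]["DN"]
        print(label, "|", dn, "|", check_apk("com.example.notes", out))
```

Both sample outputs carry the same certificate name, yet only the one with the pinned digest is reported as a match.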
In fixed broadband deployments in Q2 this year, 10 percent of residential households also showed evidence of malware infection, an increase from 9 percent last quarter.
Of that total, 6 percent of households were infected with high threat level malware such as a botnet, rootkit or banking Trojan, while 5 percent of households were also infected with moderate threat level malware such as spyware, browser hijackers or adware. Some households had multiple infections, including both high and moderate threat level infections.
The ZeroAccess Bot remains the most common malware threat in Q2, infecting about 0.8 percent of broadband users. It uses rootkit technology to conceal its presence while downloading additional malware used in large-scale ad-click fraud. This can cost Internet advertisers millions of dollars and, when aggregated over a month, can be quite significant for the user.